- chroot jails
- Deficiencies of chroot
- Jailkits
- FreeBSD Jail improvments
- Linux Namespaces
- clone() system call
- Linux capabilities
- Linux control groups
- Lightweight process virtualization
- Container components
- Copy on write (CoW) file system
- AppArmor
- Container orchestration
- Operating system level virtualization
- Process virtual machines
- Virtual machines
- Hypervisor (virtual machine monitor)
- Trap & emulate
- Guest mode execution
- Native (bare metal) VM vs. hosted VM
- Covert channel
Program Containment
Terms and concepts you should know